CVE-2022-21177: Path Traversal
First published: Fri Mar 11 2022(Updated: )
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yokogawa Centum Cs 3000 Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa CENTUM CS 3000 | ||
| Yokogawa Centum Cs 3000 Entry Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa Centum Cs 3000 Entry | ||
| Yokogawa Centum Vp Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp | ||
| Yokogawa Centum Vp Entry Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Entry Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Entry Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp Entry | ||
| Yokogawa Exaopc | >=r3.72.00<r3.80.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-21177.
What is the severity of CVE-2022-21177?
The severity of CVE-2022-21177 is high.
Which Yokogawa Electric products are affected by CVE-2022-21177?
The following Yokogawa Electric products are affected by CVE-2022-21177: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.80.00.
What is the fix for CVE-2022-21177?
Apply the latest firmware updates provided by Yokogawa Electric to the affected products.
Where can I find more information about CVE-2022-21177?
You can find more information about CVE-2022-21177 at the following reference: [Yokogawa ESAR-22-0001-E](https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf).
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/yokogawa
- canonical/yokogawa centum cs 3000 firmware
- version/yokogawa centum cs 3000 firmware/r3.08.10
- version/yokogawa centum cs 3000 firmware/r3.09.00
- canonical/yokogawa centum cs 3000
- canonical/yokogawa centum cs 3000 entry firmware
- version/yokogawa centum cs 3000 entry firmware/r3.08.10
- version/yokogawa centum cs 3000 entry firmware/r3.09.00
- canonical/yokogawa centum cs 3000 entry
- canonical/yokogawa centum vp firmware
- version/yokogawa centum vp firmware/r4.01.00
- version/yokogawa centum vp firmware/r4.03.00
- version/yokogawa centum vp firmware/r5.01.00
- version/yokogawa centum vp firmware/r5.04.20
- version/yokogawa centum vp firmware/r6.01.00
- canonical/yokogawa centum vp
- canonical/yokogawa centum vp entry firmware
- version/yokogawa centum vp entry firmware/r4.01.00
- version/yokogawa centum vp entry firmware/r4.03.00
- version/yokogawa centum vp entry firmware/r5.01.00
- version/yokogawa centum vp entry firmware/r5.04.20
- version/yokogawa centum vp entry firmware/r6.01.00
- canonical/yokogawa centum vp entry
- canonical/yokogawa exaopc
- version/yokogawa exaopc/r3.72.00